EP3582532B1

EP3582532B1 - Method, device and system for internet of things communication

Info

Publication number: EP3582532B1
Application number: EP18872718.4A
Authority: EP
Inventors: Kai ZHOU
Original assignee: Huawei Cloud Computing Technologies Co Ltd
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Priority date: 2017-11-03
Filing date: 2018-10-24
Publication date: 2023-02-08
Anticipated expiration: 2038-10-24
Also published as: US20200045546A1; JP2020515126A; KR102247485B1; JP6908334B2; WO2019085803A1; US11729615B2; CN109756450B; CN109756450A; EP3582532A4; EP3582532A1; KR20190121842A

Description

TECHNICAL FIELD

This application relates to the internet of things field, and in particular, to a method, an apparatus, and a system for communication between an internet of things terminal and an internet of things server in the internet of things field.

BACKGROUND

In an internet of things system, there are a large quantity of internet of things terminals with a limited capability or a limited resource. Due to small memory or limited power supply, and the like, these terminals are generally characterized by small traffic, a low rate, low power consumption, low costs, and the like. A typical internet of things terminal with a limited capability includes a narrow band internet of things (Narrow band internet of things, NB-IoT) terminal, for example, a device such as a water meter, a watt-hour meter, or a gas meter into which an NB-IoT chip is inserted. Because the internet of things terminals with a limited capability cannot support performance consumption that is caused by an authentication scheme (such as DTLS) with a complex procedure, an internet of things platform or an internet of things server generally authenticates the terminals in a registration procedure by using an application layer protocol, for example, a lightweight M2M protocol (Lightweight M2M, LWM2M). However, in the LWM2M protocol, the internet of things platform or server can only authenticate a terminal based on a node identifier (NodelD) that is reported by the terminal in a registration request. This NodeID is generally regular and may be forged by another malicious terminal. Therefore, a registration method needs to be provided, to meet a requirement of low power consumption of the internet of things terminal, and ensure that the internet of things platform or server performs security authentication on the internet of things terminal.
WO 2017/168209 A1 describes a reachability for an M2M service provider network. US 2017/041287 A1 describes a server initiated remote device registration.
US 2013/332627 A1 describes enabling IP-communication with a machine to machine unit.
HUAWEI ET AL: "Use Push Proxy to reduce heartbeat/keep-alive data of Application", 3GPP DRAFT; S2-124171 WAS S2-124037 WAS S2-123644 USE PUSH PROXY TO REDUCE KEEP-ALIVE DATA OF APPLICATIONS R2, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE; 650, ROUTE DES LUCI, vol. SA WG2 12 October 2012 (2012-10-12), XP050683827 describes a proposal to use Push Proxy to reduce heartbeat/keep-alive data of Applications.

SUMMARY

The present invention is defined by the internet of things system of independent claim 1 and by the internet of things communication method of claim 5. Additional features of the invention are presented in the dependent claims.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic architectural diagram of an internet of things system in the prior art;
FIG. 2 is a schematic architectural diagram of an internet of things system according to an embodiment of the present invention;
FIG. 3 is a flowchart of an internet of things terminal registration method according to an embodiment of the present invention;
FIG. 4 is a flowchart of an internet of things terminal detach method according to an embodiment of the present invention;
FIG. 5 is a flowchart of a bootstrap method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a computer device according to an embodiment of the present invention; and
FIG. 7 is a schematic diagram of an interworking gateway function module according to an embodiment of the present invention.

DESCRIPTION OF EMBODIMENTS

FIG. 1 is a typical networking architecture in the prior art in which an internet of things terminal accesses an internet of things platform or an internet of things server by using a telecommunications network. The internet of things platform or the internet of things server performs, for the internet of things terminal, management and operations that are related to a connection, a device, or a service. For ease of description, in this application, the internet of things server is used as an example to describe the technical solutions in specific embodiments, and all the embodiments that are described by using the internet of things server as an example are also applicable to the internet of things platform. A core network in FIG. 1 belongs to a telecommunications network provided by a telecommunication operator. The core network may be an evolved packet core network (evolved packet core, EPC), a 5G core network, or another type or form of telecommunications network that is defined by the 3rd generation partnership project standard organization (3rd Generation Partnership Project, 3GPP). The internet of things terminal may access the core network by using various access technologies or access networks, including an NB-IoT wireless access technology, 4G wireless access, 5G wireless access, Wi-Fi access, wireline access, or the like that is defined by the 3GPP. The core network is connected to the internet of things server by using an internet. In consideration of a factor such as security or network planning, a device such as a network address translation (Network Address Translation, NAT) device or a firewall is usually disposed between the core network and the internet, and between the internet of things server and the internet, to perform network isolation. For example, a NAT device 1 and a NAT device 2 are used in FIG. 1, that is, the internet of things server and the core network are located in different IP subnets or private networks. It should be noted that, if the internet of things server is deployed in a public network, the NAT device 2 may be not used, that is, in FIG. 1, there may be only the NAT device 1 or an address translation device whose function is equivalent to that of the NAT device 1.

It is assumed that the core network and the internet of things server are located in different private networks. The NAT device 1 is located between a private network in which the core network is located and the public network (namely, the internet in FIG. 1), and the NAT device 1 translates between (a private IP address, a private port number) that are of the core network and (a public IP address, a public port number) that are configured on the NAT device 1. The NAT device 2 is located between a private network in which the internet of things server is located and the public network, and the NAT device 2 translates between (a private IP address, a private port number) that are of the internet of things server and (a public IP address, a public port number) that are configured on the NAT device 2. After the internet of things terminal is attached to the core network, a gateway of the core network, for example, a packet data network gateway (Packet Data Network Gateway, PGW) of an EPC network or a user plane (User plane, UP) function entity of a 5G core network, allocates a private IP address (private IP-1) of a private network to which the gateway belongs, to the internet of things terminal. The private IP address of the internet of things server is a private IP-2 which is a private IP address of a private network to which the internet of things server belongs; and an external public address of the internet of things server is the public IP address on the NAT device 2, namely, a public IP-A. When the internet of things terminal and the internet of things server exchange messages by using the access network, the core network, and the internet, the NAT device performs network address translation between a private address and public IP address for source addresses and destination addresses of the messages. As shown in Table 1, for a message sent by the internet of things terminal to the internet of things server (namely, an uplink message in Table 1), a source address of the uplink message from the internet of things terminal is a private IP-1, and a destination address thereof is a public IP-A. When the uplink message passes the NAT device 1, the NAT device 1 translates the source address of the uplink message to a public IP address on the NAT device 1, namely, a public IP-B. When the uplink message passes the NAT device 2, the NAT device 2 translates the destination address of the uplink message to a private address of the internet of things server, namely, a private IP-2. Correspondingly, for a downlink message sent by the internet of things server to the internet of things terminal, a source address of the message from the internet of things server is a private IP-1, and a destination address thereof is a public IP-B. After being translated by the NAT device 2, the source address of the downlink message is changed to the public IP-B; and after being translated by the NAT device 1, the destination address of the downlink message is translated to the private IP-1. It can be learned that, because the core network and the internet of things server are not in a same IP subnet or private network, the internet of things server cannot learn a private IP address that is allocated by the core network to the internet of things terminal, and an address of the internet of things terminal that is included in an uplink message and that can be perceived by the internet of things server is a public address obtained after NAT translation is performed. After the NAT device allocates the corresponding public address for the address of the internet of things terminal, if the NAT device does not receive a message that is from or sent to the internet of things terminal within a specific period, the NAT device no longer maintains a binding relationship or correspondence between the address of the internet of things terminal and the public address, for example, the NAT device may allocate the public address to another internet of things terminal for use. Such a case in which the NAT device releases the binding relationship or correspondence between the public address allocated to the internet of things terminal and the internet of things terminal is also referred to NAT address aging. When the NAT device subsequently receives a message that is from or sent to the internet of things terminal again, the NAT device allocates a new public address, such as a public IP-C, for the internet of things terminal. To keep the public address that is of the internet of things terminal and that undergoes NAT translation from being aged, generally, the internet of things terminal and the internet of things server send a message such as a heartbeat message, so that the NAT device keeps the binding relationship and correspondence between the public address and the address of the internet of things terminal after NAT translation is performed, and the public address that is perceived by the internet of things server after NAT translation is performed and that is of the internet of things terminal remains unchanged. This method is also referred to as NAT keepalive. It should be noted that an IP address or IP information mentioned in this application may further include information such as a port number, that is, the IP address or the IP information in this application may be an IP address, or may be an IP address and a port number.

Table 1

	Internet of things terminal		Internet of things server
	Source address	Destination address	Source address	Destination address
Uplink message	Private IP-1	Public IP-A	Public IP-B	Private IP-2
Downlink message	Public IP-B	Private IP-1	Private IP-1	Public IP-B

As described in the background, a complex DTLS authentication scheme is not suitable to authenticate the internet of things terminal, and an authentication scheme based only on a device or a node identifier in an existing physical network protocol is not enough to ensure security. In an IP network, especially in a telecommunications network where a telecommunication operator is credible, a source address of a message is generally difficult to forge. If the internet of things server can authenticate the source address of the uplink message in addition to authenticating the device identifier of the internet of things terminal, security and reliability on authentication of the device can be greatly increased.
However, with a limited battery service life of the internet of things terminal, a limited load capacity of an NB-IoT network, a limited quantity of connections that are newly established in each cell per second, and the like, frequently sending a heartbeat message to keep NAT alive has disadvantages, for example, the battery service life of the internet of things terminal is sharply decreased, and the NB-IoT network load is occupied by a large quantity of low-value heartbeat messages. Therefore, in an actual application, the internet of things terminal generally does not support frequent sending of the heartbeat message, and then the internet of things server perceives that a source address (namely, the public address of the internet of things terminal that is obtained after NAT translation is performed) in an uplink message is not fixed. The internet of things server cannot determine or authenticate an identity of the internet of things terminal by using the source address of the uplink message.
As shown in FIG. 2, this application provides a new device, namely, an interworking gateway. The interworking gateway is connected to a core network, for example, the interworking gateway is connected to a PGW or a UP in the core network, and the interworking gateway is located in a same IP subnet or private network as the PGW or UP in the core network. In addition to a short connection that may be used to transmit messages and data, the interworking gateway and an internet of things server may maintain at least one reliable transmission path for communication. The reliable transmission path may be a long connection, such as an encrypted or unencrypted MQTT long connection, an encrypted or unencrypted CoAP long connection, or an encrypted or unencrypted WebSocket long connection. PGWs or UPs that are in the interworking gateway and a telecommunications network are located in a same IP subnet or private network, and there is no address translation device between the interworking gateway and an internet of things terminal, the interworking gateway may address, in a reliable telecommunications network, the internet of things terminal by directly using a private address of the internet of things terminal. Therefore, no additional heartbeat message needs to be sent between the interworking gateway and the internet of things terminal, thereby reducing power consumption and performance consumption of the internet of things terminal. In addition, when the interworking gateway communicates with the internet of things server by using a long-connection transmission path, communication security is ensured and it is not easy to steal and forge transmission information. In this embodiment of this application, a scheme in which the long connection is used between the interworking gateway and the internet of things server is mainly described, and a scheme in which the short connection is used between the interworking gateway and the internet of things server for communication is not described in this application. It should be noted that the interworking gateway may communicate with the internet of things server by using both the long connection and the short connection. For example, for an uplink message sent by the interworking gateway to the internet of things server, the short connection is used for communication, and for a downlink message sent by the internet of things server to the interworking gateway, the long connection is used for communication; or for an uplink message sent by the interworking gateway to the internet of things server, the long connection is used for communication, and for a downlink message sent by the internet of things server to the interworking gateway, the short connection is used for communication.
FIG. 3 shows a process in which an internet of things terminal is attached to an EPC network by using an NB-IoT wireless network and then registered on an internet of things platform in an interworking gateway deployment scenario. The RAN shown in FIG. 3 is an NB-IoT wireless network and is a specific embodiment of the access network shown in FIG. 1 and FIG. 2. The EPC network is a specific embodiment of the core network shown in FIG. 1 and FIG. 2. The NAT device and the internet that are shown in FIG. 1 and FIG. 2 still exist in the network of the embodiment shown in FIG. 3. Due to limitation of a message flowchart, neither the NAT device nor the internet is presented in the message flowchart shown in FIG. 3.
301. An internet of things terminal that has registered an account on an internet of things server accesses an NB-IoT wireless network and is attached to an EPC network, and a packet data protocol (Packet data protocol, PDP) context is active. For related access and attach procedures and a PDP context activation procedure, refer to related 3GPP standard protocols such as 3GPP TS 23.401 and 3GPP TS 23.060. Details are not described herein. After the internet of things terminal is attached to the EPC network, a PGW in the EPC network allocates an IP address to the internet of things terminal. It is assumed that the allocated IP address is a private IP-1. It should be noted that account registration indicates that the internet of things server has recorded device-related information of the internet of things terminal, including information such as a device identifier and an international mobile subscriber identification number (International Mobile Subscriber Identification Number, IMSI), where the device identifier may be a node identifier (node identification, NodeID), an international mobile equipment identity (International Mobile Equipment Identity, IMEI), a media access control (Media Access Control, MAC) address, a serial number (serial number, SN), or the like.
302. The EPC network notifies an interworking gateway that the internet of things terminal has been attached to the EPC network. In FIG. 3, "device online" means that the internet of things terminal is attached to the EPC network. A message in step 302 includes at least the IP address that is allocated by the PGW in the EPC network to the internet of things terminal, and the IMSI of the internet of things terminal. This embodiment imposes no limitation on a specific network element that notifies the interworking gateway and that is in the EPC network. Specifically, the network element that notifies the interworking gateway may be a mobility management entity (Mobility Management Entity, MME), a PGW, a home subscriber server (Home Subscriber Server, HSS), a policy and charging rules function (Policy and Charging Rules Function, PCRF) unit, or the like. When the PGW in the EPC network is connected to the interworking gateway and the PGW sends the message in step 302 to the interworking gateway, in a possible implementation, the PGW may communicate with the interworking gateway by using a Diameter protocol or a RADIUS protocol. For example, an ACR message is used to notify the interworking gateway that the device gets online, and the ACR message carries the IP address and the IMSI that are of the internet of things terminal.
303. The interworking gateway notifies the internet of things server that the internet of things terminal gets online, where a notification message includes at least the IP address and the IMSI that are of the internet of things terminal. It should be noted that, in a specific embodiment of this application, the interworking gateway may send the message to the internet of things server by using a long connection that has been established to the internet of things server, or in another manner. The internet of things server receives the message in step 303, queries the device information of the internet of things terminal that has registered the account, determines the device identifier of the internet of things terminal corresponding to the IMSI, and records the IP address and the IMSI that are of the internet of things terminal. It is assumed that the interworking gateway sends the message in step 303 by using an MQTT long connection between the interworking gateway and the internet of things server, and a possible message format of the message in step 303 is as follows:

         Topic:.IGs. {IGId}.event.radiusEvent
         Payload:
         {
             "header": {
                  "from": "∗∗∗"
                  "to": "∗∗∗",
                  "requestId": " frequestId}",
                  "timestamp": "{timestamp}",
         }, "body": {
              RadiusMessageType": "{Start}",
                  "UE_IP": "{UE_IP}",
                  "IMSI": "{IMSI}",
              }
         }

"IG" represents the interworking gateway interworking gateway, and "radius" represents the RADIUS protocol.

304. The internet of things server sends a message to the interworking gateway, to update information that is related to the internet of things terminal and that is recorded by the interworking gateway. The message in step 304 includes at least the IP address, the IMSI, and the device identifier that are of the internet of things terminal. It should be noted that, in a specific embodiment of this application, the internet of things server may send the message to the interworking gateway by using a long connection between the internet of things server and the interworking gateway, or in another manner. The interworking gateway receives the message in step 304, and records the IP address, the IMSI, and the device identifier that are of the internet of things terminal. It should be noted that, after receiving the message in step 302, the interworking gateway may directly record the IP address of the internet of things terminal; and the interworking gateway may not send, to the internet of things server, the IP address of the internet of things terminal, that is, the message in step 303 does not include the IP address of the internet of things terminal. In this case, the internet of things server adds the IMSI and the device identifier that are of the internet of things terminal to the message in step 304. It is assumed that the internet of things server sends the message in step 304 by using an MQTT long connection between the internet of things server and the interworking gateway, and a possible message format of the message in step 304 is as follows:

         Topic:.IGs. {IGId}.event.radiusEvent
         Payload:
         {
             "header": {
                  "from": "∗∗∗"
                  "to": "∗∗∗"
                  "requestId": " frequestId}",
                  "timestamp": "{timestamp}",
         }, "body": {
                  "RadiusMessageType": " {Start} ",
                  "UE_IP": "{UE_IP}",
                  "IMSI": "{IMSI}",
                  "deviceNodeID": "{NodeID}",
             }
         }

After the interworking gateway saves a correspondence between the device identifier and the address that are of the internet of things terminal, for a subsequently received message that is from the internet of things server and that needs to be forwarded to the internet of things terminal, provided that the message from the internet of things server includes the device identifier of the internet of things terminal, the interworking gateway may query, based on the device identifier, the corresponding address of the internet of things terminal, and then forward the message from the internet of things server to the internet of things terminal.

305. The internet of things terminal sends, by using an access network and a core network, a registration request to the interworking gateway, where a destination address of the registration request is an IP address of the interworking gateway, a source address thereof is the IP address of the internet of things terminal, and the IP address of the interworking gateway and the IP address of the internet of things terminal belong to a same IP subnet or a private network. The registration request includes the device identifier of the internet of things terminal. An address of the interworking gateway may be preset on the internet of things terminal, or may be delivered by using a bootstrap procedure to the internet of things terminal before the internet of things terminal is registered. A specific transmission path of the registration request may be that the registration request is sent to the interworking gateway by using a PGW through an NB-IoT wireless network, or may be that the registration request is sent to the interworking gateway by using another path. This embodiment imposes no limitation on message routing and forwarding in the EPC network.

306. The interworking gateway receives the registration request from the internet of things terminal, and parses the request to obtain the source address (namely, the IP address of the internet of things terminal) and the device identifier. The interworking gateway determines whether the IP address and the device identifier that are included in the registration request are recorded in the interworking gateway, and whether a correspondence between the IP address and the device identifier that are included in the registration request is the same as the correspondence between the IP address and the device identifier that are recorded in the interworking gateway. If the IP address and the corresponding device identifier that are recorded in the interworking gateway are the same as the IP address and the device identifier that are included in the registration request, the interworking gateway successfully authenticates the internet of things terminal. If the IP address and the device identifier that are included in the registration request have no corresponding record in the interworking gateway, or the IP address and the device identifier that are included in the registration request are different from the IP address and the device identifier that are recorded in the interworking gateway, or the correspondence between the IP address and the device identifier that are included in the registration request is different from the correspondence between the IP address and the device identifier that are recorded in the interworking gateway, the internet of things terminal fails to be authenticated, and the interworking gateway considers that the internet of things terminal is an invalid terminal, and therefore rejects the registration request.

307. After successfully authenticating the internet of things terminal, the interworking gateway sends the registration request to the internet of things server. The internet of things server creates a registration record for the internet of things terminal. Optionally, the internet of things server may further allocate a new device identifier to the internet of things terminal.

308. The internet of things server returns a registration response to the interworking gateway, where the registration response includes the device identifier of the internet of things terminal. If the internet of things server allocates a new device identifier to the internet of things terminal, the internet of things server may further add, to the registration response in step 308, the new device identifier that is allocated by the internet of things server to the internet of things terminal, and the interworking gateway records the new device identifier that is allocated by the internet of things server to the internet of things terminal. Subsequently, the internet of things server and the interworking gateway may identify the internet of things device by using the new device identifier. The interworking gateway may obtain, through query based on a new device identifier that is of an internet of things terminal and that is included in a message from the internet of things server, a corresponding address of the internet of things terminal, and then forward the message from the internet of things server to the internet of things terminal by using the core network.

309. The interworking gateway determines a corresponding address of the internet of things terminal based on the device identifier that is of the internet of things terminal and that is included in the registration response, and sends the registration response to the internet of things terminal by using the core network, where the source address of the registration response is the IP address of the interworking gateway, and the destination address of the registration response is the IP address of the internet of things terminal. Optionally, the registration response may include the new device identifier that is allocated by the internet of things server to the internet of things terminal.

So far, the internet of things terminal completes a registration procedure on the internet of things server. It can be learned from the technical solution shown in FIG. 3 that, from a perspective of the internet of things terminal, the internet of things terminal registers with a destination address of the interworking gateway. However, actually, the interworking gateway serves as an agent of the internet of things server in an operator network (an EPC network); and because the interworking gateway can perceive a real IP address of the internet of things terminal and obtain the device identifier of the internet of things terminal from the internet of things server, the interworking gateway may replace the internet of things server to authenticate the internet of things terminal. Therefore, actually, the internet of things terminal finally registers with a destination address of the internet of things server. Because the interworking gateway is deployed on a communication path between the internet of things terminal and the internet of things server, the interworking gateway may further record or process service data of the internet of things terminal based on a service requirement, such as local data processing, data cleansing, and data caching. In addition, deployment of the interworking gateway further shields a difference among a huge quantity of the internet of things terminals, thereby simplifying processing of the internet of things server. Different internet of things terminals may support different communication protocols. However, because of translation and forwarding performed by the interworking gateway, the internet of things server may communicate, by using the interworking gateway, with different internet of things terminals based on a same connection manner, message format, or cell type. For example, device identifiers that are supported by the internet of things terminals may vary greatly in type and encoding format. However, the internet of things server allocates a new device identifier to the internet of things terminal, and notifies the interworking gateway of the new device identifier by adding the new device identifier to the message in step 308, and therefore, the internet of things server and the interworking gateway may identify different internet of things terminals by using the device identifiers of a same type and a same format. The interworking gateway is responsible for translation between information such as the device identifier allocated by the internet of things server, the device identifier supported by the internet of things terminal, and the IP address of the internet of things terminal.

Actually, a message or data that is sent by the internet of things server to the internet of things terminal is first sent to the interworking gateway, and then forwarded by the interworking gateway to the internet of things terminal, and therefore, the internet of things server further needs to record and update in real time the interworking gateway that is connected to the internet of things terminal by using the access network and the core network. For example, in the procedure shown in FIG. 3, after the internet of things server receives the message in step 303 that is sent by the interworking gateway, the internet of things server needs to record an identifier of the interworking gateway, and the internet of things server can subsequently communicate with the internet of things terminal by using the interworking gateway. It should be noted that the internet of things terminal may communicate with the internet of things server by using different interworking gateways. For example, in a scenario in which the internet of things terminal roams, the internet of things terminal may be connected to different interworking gateways in different regions. For another example, in a disaster recovery and backup scenario, the core network may connect the internet of things terminal to different interworking gateways. Therefore, after receiving the message in step 303, the internet of things server further needs to determine whether an interworking gateway (namely, an interworking gateway previously connected to the internet of things terminal) that is locally recorded and that is connected to the internet of things terminal is the same as the interworking gateway (namely, an interworking gateway currently connected to the internet of things terminal) that sends the message in step 303. If the interworking gateway that is locally recorded and that is connected to the internet of things terminal is different from the interworking gateway that sends the message in step 303, the internet of things terminal further needs to send a message to the interworking gateway previously connected to the internet of things terminal, to notify the interworking gateway previously connected to the internet of things terminal of clearing related records and information of the internet of things terminal, for example, the device identifier, the IP address, the IMSI, and like information that are of the internet of things terminal. In addition, after the internet of things terminal is disconnected from the core network, for example, in a scenario in which the internet of things terminal is powered off, the core network sends a message to the interworking gateway to update a status of the internet of things terminal; and then the interworking gateway notifies the internet of things server of updating the status of the internet of things terminal. In this case, the internet of things server also notifies the interworking gateway of clearing related information of the internet of things terminal, as shown in FIG. 4.

401. An internet of things terminal is disconnected from a core network. For a detailed procedure, refer to a detach procedure defined in a 3GPP standard. Details are not described herein.

402. An EPC network notifies an interworking gateway that the internet of things terminal has been disconnected from the EPC network. In FIG. 3, "device offline" means that the internet of things terminal is detached. A message in step 402 includes at least an IMSI of the internet of things terminal. This embodiment imposes no limitation on a specific network element that notifies the interworking gateway and that is in the EPC network. Specifically, the network element that notifies the interworking gateway may be a mobility management entity (Mobility Management Entity, MME), a PGW, a home subscriber server (Home Subscriber Server, HSS), a policy and charging rules function (Policy and Charging Rules Function, PCRF) unit, or the like. When the PGW in the EPC network is connected to the interworking gateway, and the PGW sends the message in step 402 to the interworking gateway, in a possible implementation, the PGW may communicate with the interworking gateway by using a Diameter protocol or a RADIUS protocol. For example, an ACR message is used to notify the interworking gateway that the device gets offline, and the ACR message carries the IMSI of the internet of things terminal.

403. The interworking gateway receives a device offline notification, and forwards the device offline notification to an internet of things server.

404. The internet of things server receives the message in step 403 and updates a locally recorded status of the internet of things terminal, for example, the recorded status of the internet of things terminal is "unreachable". In addition, the internet of things server sends a message in step 404 to the interworking gateway to notify the interworking gateway of clearing related records and information of the internet of things terminal, for example, a device identifier, an IP address, and the IMSI, and like information that are of the internet of things terminal. The message in step 404 includes at least the device identifier or the IMSI of the internet of things terminal, where the device identifier may be a device identifier that is allocated by the internet of things server to the internet of things terminal in a registration procedure of the internet of things terminal.

The internet of things server notifies, in a timely manner, the interworking gateway of updating or deleting information and records that are recorded by the interworking gateway and that are of the internet of things terminal, to avoid recording invalid or expired information of the internet of things terminal on the interworking gateway, reduce a volume of data that needs to be maintained by the interworking gateway, and improve performance of the interworking gateway.

In the procedure shown in FIG. 3, the internet of things terminal sends the registration request to the interworking gateway by using the message in step 305. The address of the interworking gateway may be pre-configured in the internet of things terminal, or may be sent by a bootstrap (Bootstrap) server to the internet of things terminal by following a procedure shown in FIG. 5 before the message in step 305 is sent. The bootstrap server is configured to send, to the internet of things terminal, initialization information required for device running, such as an address of a registration server, and software and hardware version information. It should be noted that, internet of things servers may be functionally classified into a plurality of types, such as a device management server, a service server, and a bootstrap server. Each of these functions may be separately deployed as one internet of things server, or all of these functions may be performed by one internet of things server. A bootstrap function that is performed by the internet of things server in FIG. 5 may be performed by an independently disposed bootstrap server, or may be performed by the internet of things server in FIG. 3. It should be further noted that the internet of things server that is shown in FIG. 5 and that performs the bootstrap function records whether the terminal performs a bootstrap procedure.

Messages in steps 501 to 503 are the same as the messages in steps 301 to 303. Details are not described herein again.

504. An internet of things server receives the message in step 503, determines, based on an IMSI included in the message in step 503, that an internet of things terminal has not completed a bootstrap procedure, and therefore, sends bootstrap information to an interworking gateway, where the bootstrap information includes at least a device identifier of the internet of things terminal and an address or identifier of the interworking gateway. The identifier may be a URI; and a specific format of the URI is not limited, and may be a fully qualified domain name (Fully Qualified Domain Name, FQDN) format or any other format. It should be noted that, in this embodiment, before sending the message in step 504 to the interworking gateway, the internet of things server has sent the device identifier and an address that are of the internet of things terminal to the interworking gateway by using the message in step 304.

505. The interworking gateway receives the message in step 504, determines, based on the device identifier of the internet of things terminal, an address of the internet of things terminal, and sends, to the internet of things terminal, the bootstrap information that includes the address or identifier of the interworking gateway. The internet of things terminal receives the message, and the address of the interworking gateway is used as a destination address for subsequent registration.

Based on the procedure shown in FIG. 5, a manufacturer of the internet of things terminal may not pre-configure the bootstrap information in a production phase. This not only reduces production costs, but also reduces a requirement for a supply chain. For example, during product delivery and exchange, it is not required to match bootstrap information pre-configured in an internet of things terminal and an order.

The foregoing mainly describes the solutions provided in this application from a perspective of a method procedure. It can be understood that, to implement the foregoing functions, all devices or network elements, for example, the interworking gateway and the internet of things server, include corresponding hardware structures and/or software modules for performing the functions. Whether a function is performed by hardware or hardware driven by computer software depends on particular applications and design constraints of the technical solutions. A person skilled in the art may use different methods to implement the described functions for each particular application, but it should not be considered that the implementation goes beyond the scope of this application.

The interworking gateway provided in this application may be implemented by a computer device (or a system) in FIG. 6.

FIG. 6 is a schematic diagram of a computer device according to this application. The computer device 600 includes at least one processor 601, a communications bus 602, a memory 603, and at least one communications interface 604.

The processor 601 may be a general-purpose central processing unit (central processing unit, CPU), a microprocessor, an application-specific integrated circuit (application-specific integrated circuit, ASIC), or one or more integrated circuits configured to control program execution of the solutions in this application.

The communications bus 602 may include a path for transmitting information between the foregoing components.

The communications interface 604 can be any apparatus such as a transceiver, and is configured to communicate with another device or a communications network, such as the Ethernet, a radio access network (radio access network, RAN), or a wireless local area network (wireless local area networks, WLAN).

The memory 603 may be a read-only memory (read-only memory, ROM) or another type of static storage device that can store static information and instructions, or a random access memory (random access memory, RAM) or another type of dynamic storage device that can store information and instructions, or may be an electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or another compact disc storage, an optical disc storage (including a compact disc, a laser disc, an optical disc, a digital versatile disc, a blue-ray optical disc, and the like), a magnetic disk storage medium or another magnetic storage device, or any other medium capable of carrying or storing expected program code in a form of instructions or data structures and capable of being accessed by a computer, but is not limited thereto. The memory may exist independently and is connected to the processor by using the bus. Alternatively, the memory may be integrated with the processor.

The memory 603 is configured to store application program code for executing the solutions in this application, and the processor 601 controls the execution. The processor 601 is configured to execute the application program code stored in the memory 603, to implement a function of an interworking gateway in the present patent method.

In specific implementation, in an embodiment, the processor 601 may include one or more CPUs, for example, a CPU 0 and a CPU 1 in FIG. 6.

In specific implementation, in an embodiment, the computer device 600 may include a plurality of processors, for example, a processor 601 and a processor 608 in FIG. 6. Each of the processors may be a single-core (or single-CPU) processor, or may be a multi-core (or multi-CPU) processor. The processor herein may be one or more devices, circuits, and/or processing cores used to process data (for example, a computer program instruction).

In specific implementation, in an embodiment, the computer device 600 may further include an output device 605 and an input device 606. The output device 605 communicates with the processor 601, and may display information in a plurality of manners. For example, the output device 605 may be a liquid crystal display (liquid crystal display, LCD), a light emitting diode (light emitting diode, LED) display device, a cathode-ray tube (cathode ray tube, CRT) display device, or a projector (projector). The input device 606 communicates with the processor 601, and may receive an input of a user in a plurality of manners. For example, the input device 606 may be a mouse, a keyboard, a touchscreen device, or a sensing device.

The computer device 600 may be a general-purpose computer device or a dedicated computer device. In specific implementation, the computer device 600 may be a desktop computer, a portable computer, a dedicated server, a communications device, an embedded device, or a device having a structure similar to that in FIG. 6. A type of the computer device 600 is not limited in this application.

In this application, the interworking gateway may be further divided into functional modules. For example, each functional module may be obtained through division based on a corresponding function, or two or more functions may be integrated into one module. The integrated module may be implemented in a form of hardware, or may be implemented in a form of a software function module. It should be noted that the module division in the embodiments of the present invention is an example, and is only logical function division. There may be other division manners in actual implementation.

For example, FIG. 7 is a schematic structural diagram of an apparatus, and the apparatus implements functions of the interworking gateway in the foregoing embodiments. A function of a functional module in the apparatus 700 may be implemented by a chip. This is not specifically limited in this embodiment of this application.

As shown in FIG. 7, the apparatus 700 includes a server communications module 701, a service processing module 702, a storage module 703, and a terminal communications module 704.

The server communications module 701 is configured to communicate with an internet of things server. For example, the server communications module 701 creates and maintains a long connection between an interworking gateway and the internet of things server, to communicate with the internet of things server by using the long connection or another connection mode.

The service processing module 702 is configured to: process a message that is received by the server communications module 701 from the internet of things server; send, to an internet of things terminal by using the terminal communications module 704, a message that needs to be forwarded to the internet of things terminal; process a message that is received by the terminal communications module 704 from the internet of things terminal; and send, to an internet of things server by using the server communications module 701, a message that needs to be forwarded to the internet of things server. The storage module 703 stores information (for example, a device identifier that is allocated by the internet of things server to the internet of things terminal, and a device identifier, an IP address, and an IMSI that are of the internet of things terminal) that needs to be stored or recorded in a message or service processing procedure of the service processing module 702. When translating or forwarding a message between the internet of things server and the internet of things terminal, the service processing module 702 further needs to obtain necessary information from the storage module 703. For example, when the service processing module 702 processes the message that is received by the server communications module 701 from the internet of things server, and it is determined that the message needs to be forwarded to the internet of things terminal, the service processing module 702 obtains, from the storage module 703 based on the device identifier (which may be the device identifier that is allocated by the internet of things server to the internet of things terminal) that is carried in the message from the internet of things server and that is of the internet of things terminal, the IP address that corresponds to the device identifier of the internet of things terminal; and sends the message from the internet of things server to the internet of things terminal by using the terminal communications module 704. Service processing supported by the service processing module 702 includes message parsing, message format translation, message forwarding, processing of information or data in a message, storage of the information or data in the message, and the like.

The storage module 703 interacts with the service processing module 702, and is responsible for storing and reading data or information.

The terminal communications module 704 receives the message from the internet of things terminal by using a core network and an access network, or sends a message to the internet of things terminal by using a core network and an access network.

The functional module may be implemented in a form of hardware, or may be implemented in a form of a software function module. In a simple embodiment, a person skilled in the art may figure out that the apparatus 700 may use a form shown in FIG. 6. For example, the service processing module 702 in FIG. 7 may be implemented by the processor 601 in FIG. 6, and the storage module in FIG. 7 may be implemented by the memory 603 in FIG. 6. This is not limited in this embodiment of the present invention. Optionally, when the apparatus 700 shown in FIG. 7 is a chip, functions/implementation processes of the server communications module 701 and the terminal communications module 704 may alternatively be implemented by a pin or a circuit. Optionally, the storage module 703 may be a storage unit in the chip, for example, a register or a cache. Alternatively, the storage module 703 may be a storage unit located outside the chip.

All or some of the foregoing embodiments may be implemented by software, hardware, firmware, or any combination thereof. When the embodiments are implemented by software, the embodiments may be implemented fully or partially in a form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or the functions according to the embodiments of the present invention are fully or partially generated. The computer may be a general-purpose computer, a dedicated computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or may be transmitted from a computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired (for example, a coaxial cable, an optical fiber, or a digital subscriber line (DSL)) or wireless (for example, infrared, radio, or microwave) manner. The computer-readable storage medium may be any usable medium accessible by a computer, or a data storage device, such as a server or a data center, integrating one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid-state drive Solid State Disk (SSD)), or the like.

In the foregoing specific implementations, the objectives, technical solutions, and benefits of the present invention are further described in detail. A person skilled in the art should understand that the foregoing descriptions are merely specific implementations of the present invention, but are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, or the like made based on the technical solutions in the present invention shall fall within the protection scope of the present invention. In the claims, "comprising" does not exclude another component or another step, and "a" or "one" does not exclude a case of a plurality of. A single processor or another unit may implement several functions enumerated in the claims. Some measures are recorded in dependent claims that are different from each other, but this does not mean that these measures cannot be combined to produce a better effect.

Claims

An internet of things system, comprising an internet of things server and an interworking gateway, wherein
the internet of things server is configured to record account registration information of an internet of things terminal, wherein the account registration information comprises an international mobile subscriber identity, IMSI, and a device identifier that are of the internet of things terminal; and is further configured to process a registration request that is sent by the interworking gateway and that is of the internet of things terminal; and

the interworking gateway is configured to: receive (305) the registration request from the internet of things terminal, and authenticate (306) the internet of things terminal based on a correspondence between an address and the device identifier that are of the internet of things terminal, wherein the correspondence is saved on the interworking gateway, comprising if the interworking gateway determines that a source address of the registration request is the same as the address that is recorded in the correspondence and that is of the internet of things terminal, and that a device identifier that is comprised in the registration request is the same as the device identifier that is recorded in the correspondence and that is of the internet of things terminal, the internet of things terminal is successfully authenticated; and after successfully authenticating the internet of things terminal, the interworking gateway is further configured to send (307) the registration request to the internet of things server.
The internet of things system according to claim 1, wherein the interworking gateway is further configured to receive (302) a first message sent by the telecommunications network, wherein the first message comprises the address and the IMSI that are of the internet of things terminal, the first message is used to indicate, to the interworking gateway, that the internet of things terminal has established a connection to the telecommunications network, and the address of the internet of things terminal is the address that is allocated by the telecommunications network to the internet of things terminal.
The internet of things system according to claim 2, wherein
the interworking gateway is further configured to send (303) a second message to the internet of things server, wherein the second message comprises the IMSI of the internet of things terminal, and the second message is used to indicate, to the internet of things server, that the internet of things terminal has established a connection to the telecommunications network;

the internet of things server is further configured to: receive the second message sent by the interworking gateway, and send, to the interworking gateway, the device identifier that is recorded in the internet of things server, that corresponds to the IMSI, and that is of the internet of things terminal; and

the interworking gateway is further configured to receive the device identifier that is sent by the internet of things server, that is recorded in the internet of things server, and that is of the internet of things terminal; and is further configured to save the correspondence between the address and the device identifier that are of the internet of things terminal on the interworking gateway.
The internet of things system according to claim 2 or 3, wherein the first message is an accounting request message sent by the telecommunications network.
An internet of things communication method, comprising:
receiving (305), by an interworking gateway, a registration request of an internet of things terminal; and

sending (307), by the interworking gateway, the registration request to an internet of things server after successfully authenticating (306) the internet of things terminal based on a correspondence between an address and the device identifier that are of the internet of things terminal, wherein the correspondence is saved on the interworking gateway; comprising if the interworking gateway determines that a source address of the registration request is the same as the address that is recorded in the correspondence and that is of the internet of things terminal, and that a device identifier that is comprised in the registration request is the same as the device identifier that is recorded in the correspondence and that is of the internet of things terminal, the internet of things terminal is successfully authenticated.
The method according to claim 5, wherein before the receiving, by an interworking gateway, a registration request of an internet of things terminal, the method further comprises:
receiving (302), by the interworking gateway, a first message sent by the telecommunications network, wherein the first message comprises the address and the IMSI that are of the internet of things terminal, the first message is used to indicate, to the interworking gateway, that the internet of things terminal has established a connection to the telecommunications network, and the address of the internet of things terminal is the address that is allocated by the telecommunications network to the internet of things terminal.
The method according to claim 6, wherein after the receiving, by the interworking gateway, a first message sent by the telecommunications network, the method further comprises:
sending (303), by the interworking gateway, a second message to the internet of things server, wherein the second message comprises the IMSI of the internet of things terminal, and the second message is used to indicate, to the internet of things server, that the internet of things terminal has established a connection to the telecommunications network;

receiving, by the interworking gateway, the device identifier that is sent by the internet of things server, that is recorded in the internet of things server, and that is of the internet of things terminal; and

saving, by the interworking gateway, the correspondence between the address and the device identifier that are of the internet of things terminal on the interworking gateway.
The method according to claim 6 or 7, wherein the first message is an accounting request message sent by the telecommunications network.
The method according to any one of claims 5 to 8, the method further comprises:
receiving, by the interworking gateway, a bootstrap message sent by the internet of things server, wherein the bootstrap message comprises a device identifier of the internet of things server, and an address or identifier of the interworking gateway, and the bootstrap message is used to indicate that the internet of things terminal initiates registration to the interworking gateway; and

determining, by the interworking gateway based on the device identifier that is comprised in the bootstrap message and that is of the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the bootstrap message to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the bootstrap message to the internet of things terminal.
The method according to any one of claims 5 to 9, wherein after the sending, by the interworking gateway, the registration request to an internet of things server, the method further comprises:
receiving (308), by the interworking gateway, a registration response sent by the internet of things server, wherein the registration response comprises the device identifier of the internet of things terminal;

determining, by the interworking gateway, based on the device identifier that is comprised in the registration response and that is of the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the registration response to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the registration response to the internet of things terminal.
The method according to claim 10, wherein the registration response that is received by the interworking gateway and that is sent by the internet of things server further comprises an identifier that is allocated by the internet of things server to the internet of things terminal, and the interworking gateway records the identifier that is allocated by the internet of things server to the internet of things terminal.
The method according to claim 10 or 11, wherein after the sending, by the interworking gateway, the registration request to an internet of things terminal, the method further comprises:
receiving, by the interworking gateway, a third message from the internet of things server, wherein the third message comprises the device identifier that is recorded in the correspondence and that is of the internet of things terminal or the identifier that is allocated by the internet of things server to the internet of things terminal; and

determining, by the interworking gateway, based on the device identifier that is recorded in the correspondence and that is of the internet of things terminal or the identifier that is allocated by the internet of things server to the internet of things terminal, the address that is recorded in the correspondence and that is of the internet of things terminal; setting a destination address of the third message to the address that is recorded in the correspondence and that is of the internet of things terminal; and sending the third message to the internet of things terminal.